VDB
RHSA-2026%3A28133
RHSA-2026%3A28133
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | vim-enhanced-2:8.2.2637-20.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-minimal-debuginfo-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-enhanced-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-enhanced-2:8.2.2637-20.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-common-2:8.2.2637-20.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-common-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-minimal-debuginfo-2:8.2.2637-20.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-enhanced-2:8.2.2637-20.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-X11-2:8.2.2637-20.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-X11-debuginfo-2:8.2.2637-20.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-2:8.2.2637-20.el9_2.2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-enhanced-debuginfo-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-X11-debuginfo-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-debugsource-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-common-debuginfo-2:8.2.2637-20.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-debuginfo-2:8.2.2637-20.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-common-2:8.2.2637-20.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-minimal-2:8.2.2637-20.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-filesystem-2:8.2.2637-20.el9_2.2.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
| Red Hat | vim-common-debuginfo-2:8.2.2637-20.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2) | 8.2.2637-20.el9 |
…and 64 more
Timeline
- Jun 23, 2026 CVE Published
- Jun 23, 2026 CVE Updated
- Jun 23, 2026 Distribution Patch
- Jun 23, 2026 Distribution Patch
- Jun 23, 2026 Security Advisory
- Jun 23, 2026 Security Advisory
- Jun 23, 2026 Security Advisory
- Jun 23, 2026 Security Advisory
- Jun 23, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:28133 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2455400 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2455542 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2461614 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2477915 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28133.json advisory
- https://access.redhat.com/security/cve/CVE-2026-34982 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-34982 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-34982 advisory
- http://www.openwall.com/lists/oss-security/2026/04/01/1 advisory
- https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615 advisory
- https://github.com/vim/vim/releases/tag/v9.2.0276 advisory
- https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9 advisory
- https://access.redhat.com/security/cve/CVE-2026-35177 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-35177 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-35177 advisory
- https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24 advisory
- https://access.redhat.com/security/cve/CVE-2026-41411 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-41411 advisory
…and 10 more